Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 28 Mar 2019 23:07:49 +0000
From:      bugzilla-noreply@freebsd.org
To:        testing@freebsd.org
Subject:   [Bug 236857] Fix sysctl check for some sys/audit/process-control tests
Message-ID:  <bug-236857-32464-WHWwatQk3x@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-236857-32464@https.bugs.freebsd.org/bugzilla/>
References:  <bug-236857-32464@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D236857

Olivier Cochard <olivier@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #203223|0                           |1
        is obsolete|                            |

--- Comment #7 from Olivier Cochard <olivier@freebsd.org> ---
Created attachment 203226
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D203226&action=
=3Dedit
patch using ATF_REQUIRE_SYSCTL_INT

Good remark.

The original code was:

```
const char *capname =3D "kern.features.security_capability_mode";
ATF_REQUIRE_EQ(0, sysctlbyname(capname, &capinfo, &len, NULL, 0))
/* Without CAPABILITY_MODE enabled, cap_enter() returns ENOSYS */
if (!capinfo)
   atf_tc_skip("Capsicum is not enabled in the system");
```

So, the purpose was to check if kern.features.security_capability_mode=3D=
=3D1.
Which mean "Check if capability is enabled".

My patch was adding a "Check if this capability exist", before to check its
status.

If I remove the old sysctlbyname(3) call, I will not catch this condition:
- Capability exist
- But capability is disabled

So I've read freebsd_test_suite/macros.h, and I've found these functions:
- ATF_REQUIRE_FEATURE(_feature_name)
- ATF_REQUIRE_KERNEL_MODULE(_mod_name)
- ATF_REQUIRE_SYSCTL_INT(_mib_name, _required_value)

And I think the best way should using ATF_REQUIRE_SYSCTL_INT(capname,1) that
manage both condition.

With this new patch:
# kyua test sys/audit/process-control:cap_enter_success
sys/audit/process-control:cap_enter_success  ->  skipped: sysctl for
kern.features.security_capability_mode failed: No such file or director
y  [0.003s]

Results file id is usr_tests.20190328-230635-632822
Results saved to /root/.kyua/store/results.usr_tests.20190328-230635-632822=
.db

1/1 passed (0 failed)

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-236857-32464-WHWwatQk3x>